Crowdfunding for Acquiring Shadow Brokers Exploits Canceled

Researchers announced this week the launch of a crowdfunding initiative whose goal was to raise money to subscribe to the Shadow Brokers’ monthly exploit leaks. However, the funding campaign has been canceled due to legal reasons.

The hacker group called Shadow Brokers announced on Tuesday that interested parties can obtain exploits and information by paying a monthly fee of 100 Zcash (roughly $20,000). The hackers claim they possess a lot of data allegedly stolen from the NSA-linked Equation Group, including exploits, SWIFT network data, and information on nuclear and missile programs in Russia, China, Iran and North Korea.

A group led by Hacker House co-founder Matthew Hickey and the researcher known online as “x0rz” launched a Patreon-based crowdfunding campaign to raise the 100 Zcash needed to subscribe to the Shadow Brokers’ monthly dumps.

The plan was to immediately notify affected vendors of any zero-day exploits in hopes of avoiding another attack similar to the WannaCry ransomware, which leveraged a Windows SMB exploit leaked by Shadow Brokers. While Microsoft patched the flaw in March, weeks before the WannaCry attacks, many companies were not aware of the risks and neglected to patch it.

Hickey conducted a survey to get the infosec community’s view on the crowdfunding idea, and just over half of the roughly 1,800 votes supported the initiative. Some industry professionals pointed to the legal and ethical implications, while others noted that the Shadow Brokers have likely already leaked all the valuable exploits, or that they will leak the data anyway as they are simply doing it for the attention.

The project raised nearly $4,000 in just 36 hours, but the initiators of the campaign decided to pull the plug after seeking legal advice. The pledged bitcoins will be refunded or donated to the Electronic Frontier Foundation (EFF).

“If you ever want to hear a lawyer shout expletives at volume down a phone you need to call him and tell him that you have created the first open source crowd-funded cyber arms acquisition attempt,” Hickey said. “It transpires that should funds change hands from ours to the Shadow Brokers we would be certainly risking some form of legal complications. It was just too risky and the advice was under no circumstances to proceed further with this.”

While it’s still not clear who is behind the Shadow Brokers – some point to Russia, while others to an NSA insider – Hickey said he learned that the group is linked to Russia’s Federal Security Service (FSB), which complicated the situation even further.

The Shadow Brokers have denied having anything to do with Russia and they claim their main goal is to make money. However, all their attempts, including auctions and crowdfunding initiatives, have so far failed. It remains to be seen if anyone signs up for their monthly dump service.

In the meantime, The Washington Post reported – and confirmed speculation – that it was the NSA who informed Microsoft about the Windows vulnerability exploited by WannaCry. The infosec community has been urging the intelligence agency to disclose the Equation Group exploits to affected vendors given that they could be made public at any time.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.